[Federal Register Volume 75, Number 198 (Thursday, October 14, 2010)]
[Notices]
[Pages 63253-63254]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-25884]


-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice 7210]


State-56, Network User Account Records

SUMMARY: Notice is hereby given that the Department of State proposes 
to create a system of records, Network User Account Records, State-56, 
pursuant to the provisions of the Privacy Act of 1974, as amended (5 
U.S.C. 552a) and Office of Management and Budget Circular No. A-130, 
Appendix I. The Department's report was filed with the Office of 
Management and Budget on August 16, 2010.
    It is proposed that the new system will be named ``Network User 
Account Records.'' It is also proposed that the new system description 
will be utilized to administer network user accounts; to help document 
and/or control access to computer systems, platforms, services, 
applications, and databases within a Department network; to monitor 
security of computer systems; to investigate and make referrals for 
disciplinary or other actions if unauthorized access or inappropriate 
usage is suspected or detected; and to identify the need for training 
programs.
    Any persons interested in commenting on the new system of records 
may do so by submitting comments in writing to Margaret P. Grafeld, 
Director, Office of Information Programs and Services, A/GIS/IPS, 
Department of State, SA-2, 515 22nd Street, Washington, DC 20522-8001. 
This system of records will be effective 40 days from the date of 
publication, unless we receive comments that will result in a contrary 
determination.
    The new system description, ``Network User Account Records, State-
56,'' will read as set forth below.

    Dated: August 16, 2010.
Steven J. Rodriguez,
Deputy Assistant Secretary of Operations, Bureau of Administration, 
U.S. Department of State.
STATE-56

SYSTEM NAME:
    Network User Account Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained by the Department of State in secure 
facilities wherever a domain controller is automatically compiling a 
visitors' log of individuals who authenticate to a particular server.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Department of State employees and other organizational users who 
have access to Department of State computer networks.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This Privacy Act system consists of the network user account 
records that Department information systems, applications, and services 
compile and maintain about users of a network. These records include 
user data such as the user's name, system-assigned username; e-mail 
address; employee or other user identification number; organization 
code; job title; business affiliation; work contact information; 
systems, applications, or services to which the individual has access; 
systems, applications, or services used; dates, times, and durations of 
use; user profile; and IP address of access. The records also include 
system usage files and directories when they contain information about 
specific users.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 44 U.S.C. 3544.

PURPOSE:
    To administer network user accounts; to help document and/or 
control access to computer systems, platforms, services, applications, 
and databases within a Department network; to monitor security of 
computer systems; to investigate and make referrals for disciplinary or 
other actions if unauthorized access or inappropriate usage is 
suspected or detected; and to identify the need for training programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The routine uses applicable to this system of records are published 
at 73 FR 40650-40651 (July 15, 2008).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Electronic and paper records.

RETRIEVABILITY:
    Records are indexed by the user's name, system-assigned username; 
e-mail address; or other searchable data fields or codes.

[[Page 63254]]

 SAFEGUARDS:
    All individuals with access to the records covered by this system 
of records receive cyber security awareness training which covers the 
procedures for handling classified and Sensitive-but-Unclassified 
information, including personally identifiable information. Annual 
refresher training is mandatory. Individuals with access undergo a 
background security investigation. All paper records are maintained in 
secured filing cabinets or in restricted areas, access to which is 
limited to authorized personnel only. Access to electronic records is 
password-protected and under the supervision of the information owner. 
Access privileges reflect separation of duties and least privilege, and 
are only extended to those Department personnel who have a need for the 
records in the performance of their duties. Individuals who are 
authorized to examine detailed information about the network and system 
usage of specific users are assigned privileged system accounts for 
that purpose. When it is determined that an individual no longer 
requires access, his or her account is disabled.

RETENTION AND DISPOSAL:
    See National Archives and Records Administration General Records 
Schedule 20.1 (Files/Records Relating to the Creation, Use, and 
Maintenance of Computer Systems, Applications, or Electronic Records) 
and 24.6 (User Identification, Profiles, Authorizations, and Password 
Files). Records are deleted when no longer needed for administrative, 
legal, audit, or other operational purposes.

SYSTEM MANAGER AND ADDRESS:
    Chief Information Officer, Department of State, 2201 C Street, NW., 
Washington, DC 20520.

NOTIFICATION PROCEDURES:
    Individuals who have reason to believe that this system of records 
may contain information pertaining to them may write the Director, 
Office of Information Programs and Services, Department of State, SA-2, 
515 22nd Street, NW., Washington, DC 20522-8001. At a minimum, the 
individual should include the name of this system of records; their 
name, current mailing address, zip code, and signature; and a brief 
description of the circumstances that caused the individual to believe 
that the system of records contains records pertaining to them, 
including the specific geographic locations, overseas missions, or 
individual offices in which the individual believes he or she may have 
accessed or is believed to have accessed the Department's computer 
systems.

RECORD ACCESS AND AMENDMENT PROCEDURES:
    Individuals who wish to gain access to or amend records pertaining 
to them should write to the Director, Office of Information Programs 
and Services, Department of State, SA-2, 515 22nd Street, NW., 
Washington, DC 20522-8001.

RECORD SOURCE CATEGORIES:
    Individuals about whom the record is maintained; information 
systems, applications, and services within a Department network that 
record usage by individuals assigned a user account on that network.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
[FR Doc. 2010-25884 Filed 10-13-10; 8:45 am]
BILLING CODE 4710-00-P